def hsts(web):
global name
name = targetname(web)
global lvl2
lvl2 = inspect.stack()[0][3]
global module
module = "VulnAnalysis"
global lvl1
lvl1 = "Basic Bugs & Misconfigurations"
global lvl3
lvl3 = ""
time.sleep(0.5)
#print(R+'\n ================================')
#print(R+'\n HTTP STRICT TRANSPORT SECURITY')
#print(R+' ---<>----<>----<>----<>----<>---\n')
from core.methods.print import pvln
pvln("hsts")
if 'https' in web:
check0x00(getHeaders0x00(web))
else:
print(R+' [-] No SSL/TLS detected...')
m = input(O+' [§] Force SSL/TLS (y/N) :> ')
if m == 'y' or m == 'Y':
print(GR+' [*] Using revamped SSL...')
o = 'https://' + web.replace('http://','')
check0x00(getHeaders0x00(web))
elif m == 'n' or m == 'N':
print(GR+' [-] Skipping module...')
def rce(web):
#print(R+'\n =========================================')
#print(R+'\n O S C O M M A N D I N J E C T I O N ')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·––·‹›·——·‹›·——·‹›\n')
from core.methods.print import pvln
pvln("os command Injection")
if properties["PARAM"][1] == " ":
web0 = input(O+' [#] Path Parameter '+R+'(eg. /ping.php?site=foo)'+O+' :> ')
else:
web0 = properties["PARAM"][1]
if "?" in web0 and '=' in web0:
if web0.startswith('/'):
m = input(GR+'\n [!] Your path starts with "/".\n [#] Do you mean root directory? (Y/n) :> ')
if m == 'y' or m == 'Y':
web00 = web + web0
elif m == 'n' or m == 'N':
web00 = web + web0
else:
print(R+' [-] U mad?')
else:
web00 = web + '/' + web0
if properties["PARALLEL"][1] == " ":
pa = input(" [?] Parallel Attack? (enter if not) :> ")
parallel = pa is not ""
else:
parallel = properties["PARALLEL"] == "1"
getPayloads(web00, parallel)
else:
print(R+" [-] Please enter the URL with parameters...")
rce(web)
def rfi(web):
#print(R+'\n ===========================================')
#print(R+'\n R E M O T E F I L E I N C L U S I O N')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·––·‹›·——·‹›·——·‹›·–\n')
from core.methods.print import pvln
pvln("remote file inclusion")
print(C+' Choose from the options:\n')
print(B+' [1] Custom Targetting')
print(B+' [2] Automated Scanning\n')
m = input(O+' [#] TID :> ')
if str(web).endswith('/'):
pass
else:
web = web + '/'
if m == '1':
cust0x00(web)
elif m == '2':
auto0x00(web)
else:
print(G+' [+] U mad?')
time.sleep(0.9)
print('')
rfi(web)
def headers(web):
try:
#print(R+'\n =========================================')
#print(R+'\n H T T P H E A D E R A N A L Y S I S')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·——·‹›·——·‹›·––·‹›\n')
from core.methods.print import pvln
pvln("http header analysis")
time.sleep(0.5)
print(GR + " [!] Initializing Header Analysis...")
Headers = RetrieveHeader(web)
xframe0x00(Headers)
contentsec0x00(Headers)
xssprotect0x00(Headers)
xcontenttype0x00(Headers)
general0x00(Headers)
referrerpol0x00(Headers)
anomaly0x00(Headers)
if "https" in web[:5]:
seccheck0x00(Headers)
print(G + ' [+] Done!')
except Exception as e:
print(R + ' [-] Something happened...')
print(R + ' [-] Error : ' + str(e))
def zone(web):
web = web.replace('http://', '')
web = web.replace('https://', '')
try:
#print(R+'\n ===========================')
#print(R+'\n Z O N E T R A N S F E R')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·––·\n')
from core.methods.print import pvln
pvln("zone transfer")
time.sleep(0.4)
print(
O +
' [!] Looking up for name servers on which website is hosted...\n'
+ G)
time.sleep(0.7)
os.system('dig +nocmd ' + web + ' ns +noall +answer')
h = input(O + '\n [*] Enter the DNS Server you want to test for :> ')
time.sleep(0.4)
print(GR + ' {*] Attempting zone transfer...')
time.sleep(0.9)
cm = subprocess.Popen(
['host', '-t', 'axfr', web, h, '+answer', '+noall', '+nocmd'],
stdout=subprocess.PIPE).communicate()[0]
if 'failed' in str(cm):
print(R + '\n [-] Zone transfer for ' + O + h + R + ' failed!')
print(R + ' [-] This website is immune to zone transfers!')
else:
print('\n' + G + cm)
except Exception as e:
print(R + ' [-] Error encountered!')
print(R + ' [-] Error : ' + str(e))
def pathtrav(web):
#global gotcha
print(GR + '\n ·› Loading module...')
time.sleep(0.5)
#print(R+'\n ================================================')
#print(R+'\n P A T H T R A V E R S A L (Sensitive Paths)')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·––·‹›·——·‹›·——·‹›·––·‹›·\n')
from core.methods.print import pvln
pvln("path traversal")
try:
print(
GR +
' [!] Input the directory to be used... Final Url will be like ' +
O + '"http://site.com/sensitive"')
param = input(
O +
' [!] Enter directory asssociated (eg. /sensitive) [Enter for None] :> '
)
pa = input("\n [?] Parallelise Attack? (enter if not) :> ")
parallel = pa is not ""
input_cookie = input("\n [#] Got cookies? [Enter if none] :> ")
global gen_headers
gen_headers = {
'User-Agent':
'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
'Accept-Language': 'en-US;',
'Accept-Encoding': 'gzip, deflate',
'Accept': 'text/html,application/xhtml+xml,application/xml;',
'Connection': 'close'
}
if (len(input_cookie) > 0):
gen_headers['Cookie'] = input_cookie
#gen_headers['Cookie'] = "security=low; PHPSESSID=n3o05a33llklde1r2upt98r1k2"
if param.startswith('/'):
web00 = web + param
elif param == '':
web00 = web + param
else:
web00 = web + '/' + param
input_query = input("\n [#] Query Attack? [Enter if not] :> ")
#print(input_query)
if input_query != "":
query[0] = True
param = input(" [#] Enter parameter :> ")
web00 = web00 + "?" + param + "="
siteinput[0] = web00
check0x00(web00, gen_headers, parallel)
except KeyboardInterrupt:
print(R + ' [-] User Interruption!')
return
except Exception as e:
print(R + ' [-] Exception encountered during processing...')
print(R + ' [-] Error : ' + str(e))
def headers(web):
global name
name = targetname(web)
global lvl2
lvl2 = inspect.stack()[0][3]
global module
module = "VulnAnalysis"
global lvl1
lvl1 = "Basic Bugs & Misconfigurations"
global lvl3
lvl3 = ""
try:
#print(R+'\n =========================================')
#print(R+'\n H T T P H E A D E R A N A L Y S I S')
#print(R+' ---<>----<>----<>----<>----<>----<>----<>\n')
from core.methods.print import pvln
pvln("http header analysis")
time.sleep(0.5)
print(GR + " [!] Initializing Header Analysis...")
Headers = RetrieveHeader(web)
xframe0x00(Headers)
contentsec0x00(Headers)
xssprotect0x00(Headers)
xcontenttype0x00(Headers)
general0x00(Headers)
referrerpol0x00(Headers)
anomaly0x00(Headers)
if "https" in web[:5]:
seccheck0x00(Headers)
print(G + ' [+] Done!')
except Exception as e:
print(R + ' [-] Something happened...')
print(R + ' [-] Error : ' + str(e))
def mailspoof(web):
print(GR + ' [*] Loading module...')
time.sleep(0.5)
#print(R+'\n =========================')
#print(R+'\n M A I L S P O O F E R ')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·–\n')
from core.methods.print import pvln
pvln("mail spoofer")
print(GR + ' [*] Setting inital value ' + R + '"False"...')
spoofable = False
try:
domain = web
print(O + ' [!] Getting txt records...')
spfstr = spfStr0x00(domain)
dmValStr = dmCheck0x00(domain)
if dmValStr is False:
spoofable = True
else:
spoofable = False
if spoofable == True:
print(G + " [+] Spoofing possible for " + O + domain + "!")
else:
print(R + " [-] Spoofing not possible for " + O + domain + '...')
except Exception as e:
print(R + " [-] Undefault KeyError encountered!")
print(R + ' [-] Exception : ' + str(e))
def sqli(web):
print(GR + '\n [*] Loading module...')
time.sleep(0.7)
#print(R+'\n ===========================')
#print(R+'\n S Q L ! N J E C T I O N')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·——·\n')
from core.methods.print import pvln
pvln("sql !njection")
time.sleep(0.6)
print(O + ' Choose from the options:\n')
print(B + ' [1] ' + C + 'Error Based SQLi' + W + ' (Manual + Automated)')
print(B + ' [2] ' + C + 'Blind Based SQLi' + W +
' (Manual + Automated)\n')
print(B + ' [99] ' + C + 'Back to Console\n')
v = input(O + ' [§] TID :> ')
if v.strip() == '1':
errorsqli(web, properties)
elif v.strip() == '2':
blindsqli(web, properties)
elif v.strip() == '99':
pass
else:
print(R + ' [-] U high dude?')
def sqli(web):
global name
name = targetname(web)
global lvl2
lvl2 = inspect.stack()[0][3]
global module
module = "VulnAnalysis"
global lvl1
lvl1 = "Critical Vulnerabilities"
global lvl3
lvl3 = ""
time.sleep(0.7)
#print(R+'\n ===========================')
#print(R+'\n S Q L ! N J E C T I O N')
#print(R+' ---<>----<>----<>----<>----\n')
from core.methods.print import pvln
pvln("sql !njection")
time.sleep(0.6)
print(O + ' Choose from the options:\n')
print(B + ' [1] ' + C + 'Error Based SQLi' + W + ' (Manual + Automated)')
print(B + ' [2] ' + C + 'Blind Based SQLi' + W +
' (Manual + Automated)\n')
print(B + ' [99] ' + C + 'Back to Console\n')
v = input(O + ' [§] TID :> ')
if v.strip() == '1':
errorsqli(web, properties)
elif v.strip() == '2':
blindsqli(web, properties)
elif v.strip() == '99':
pass
else:
print(R + ' [-] U high dude?')
def xss(web):
first = True
while True:
print(GR+' [*] Loading module XSS...')
sleep(0.6)
if web.endswith('/'):
web = web[:-1]
#print(R+'\n =========================================')
#print(R+'\n C R O S S S I T E S C R I P T I N G')
#print(R+' ——·‹›·––·‹›·——·‹›·––·‹›·–—·‹›·––·‹›·——·‹›\n')
from core.methods.print import pvln
pvln("Cross site scripting")
if first:
print(GR+' [*] Importing payloads...')
sleep(0.8)
try:
with open('files/payload-db/xss_payloads.lst','r') as payloads:
pay.clear()
for payload in payloads:
payload = payload.replace('\n','')
pi = r'%s' % (payload)
#pi = payload.encode("utf-8").decode("utf-8")# % (payload) # Converting to a raw string
#pil = str(pi).split("'")
#payl = ""
#for i in range(1,len(pil)-1):
# payl += pil[i]
pay.append(pi)
print(G+' [+] '+O+str(len(pay))+G+' payloads loaded!')
first = False
sleep(0.2)
with open('files/payload-db/polyglot_payloads.lst','r') as polyy:
poly.clear()
for payload in polyy:
payload = payload.replace('\n','')
poy = r'%s' % (payload)
poly.append(poy)
print(G+' [+] '+O+str(len(poly))+G+' polyglots loaded!')
sleep(0.7)
except IOError:
print(R+' [-] Payloads file does not exist!')
if properties["PARALLEL"][1] == " ":
pa = input(" [?] Parallel Attack? (enter if not) :> ")
parallel = pa is not ""
else:
parallel = properties["PARALLEL"][1] == "1"
print(O+'\n [§] Enter the type you want to proceed:\n')
print(B+' [1] '+C+'Manual Mode')
print(B+' [2] '+C+'Automatic Mode\n')
p = input(O+' [§] TID :> ')
if p == '1':
print(GR+' [*] Initializing manual mode...')
manual0x00(web, parallel)
if p == '2':
print(GR+' [*] Loading automatic mode...')
auto0x00(web, parallel)
print(G+' [+] XSS Module Completed!\n')
def cloud0x00(web):
requests = session()
web = web.replace('https://', '')
web = web.replace('http://', '')
#print(R+'\n =========================================')
#print(R+'\n C L O U D F L A R E M I S C O N F I G.')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·——·‹›·——·‹›·––·‹›\n')
from core.methods.print import pvln
pvln("cloudflare misconfig.")
time.sleep(0.4)
print(GR + ' [*] Checking server status...')
try:
ip_addr = socket.gethostbyname(web)
print(G + ' [+] Server detected online...')
time.sleep(0.5)
print(G + ' [+] Server IP :> ' + O + ip_addr)
except:
print(R + ' [-] Server seems down...')
print(GR + ' [*] Trying to identify backend...')
time.sleep(0.4)
web = 'http://' + web
try:
print(GR + ' [*] Making the no-verify request...')
time.sleep(0.6)
r = requests.get(web, verify=False)
header = r.headers['Server']
if 'cloudflare' in header:
print(O + ' [+] The website is behind ' + R + 'Cloudflare.')
print(G + ' [+] Server : Cloudflare')
time.sleep(0.4)
if properties["BYPASS"][1] == " ":
m = input(
O +
' [+] Do you want Vaile to try and bypass Cloudflare? (enter if not) :> '
)
byp = m is not ""
else:
byp = properties["BYPASS"][1] == "1"
if byp:
bypass(web)
else:
print(R + ' [-] Invalid choice...')
serverdetect(web)
try:
ip_addr = bypass.ip_addr
except:
pass
else:
print(
R +
' [-] Website does not seem to be a part of Cloudflare Network...'
)
except:
print(R + ' [-] Failed to identify server.\n [-] Some error occured!')
pass
def ssscript(web):
vuln = []
novuln = []
web = web.replace('https://','')
web = web.replace('http://','')
webb = web
if "@" in web:
webb = web.split("@")[1]
#print(R+'\n =======================================')
#print(R+'\n S A M E - S I T E S C R I P T I N G')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·––·‹›·——·‹›·——·\n')
from core.methods.print import pvln
pvln("same-site scripting")
time.sleep(0.5)
try:
if os.path.exists('files/'+webb+'-subdomains.lst') == True:
pass
else:
print(O+' [*] Gathering subdomains...')
print(GR+' [*] Initializing subdomain gathering...')
subdom0x00(web)
except:
print(R+' [-] Exception occured!')
os.system('mv '+webb+'-subdomains.lst tmp/')
#print(R+'\n =========================')
print(R+'\n S - S - S T E S T E R')
print(R+' ––·‹›·––·‹›·––·‹›·––·‹›·–\n')
try:
with open('tmp/'+webb+'-subdomains.lst','r') as dom:
for m in dom:
m = m.replace('\n','')
print(C+' [*] Running tests on '+GR+m+C+' for Same-Site Scripting...')
time.sleep(1.5)
try:
mp = socket.gethostbyname(m)
if '127.0.0.1' in mp or '0.0.0.0' in mp:
time.sleep(0.7)
print(G+' [+] This website is vulnerable to Same Site Scripting!')
vuln.append(web)
else:
time.sleep(0.7)
print(R+' [-] '+O+m+R+' is immune to Same-Site Scripting!')
novuln.append(web)
except socket.gaierror:
time.sleep(0.7)
pass
except Exception as e:
print(R+' [-] Error occured while processing module')
print(R+' [-] Error : '+str(e))
pass
def strutsshock(web):
print(GR + '\n [*] Loading module...')
time.sleep(0.5)
#print(R+'\n =======================================')
#print(R+'\n A P A C H E S T R U T S S H O C K ')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·——·‹›·——·‹›·——·\n')
from core.methods.print import pvln
pvln("apache struts shock")
strutsshock0x00(web)
def cookiecheck(web):
#print(R+'\n ==================================================')
#print(R+'\n C O O K I E C H E C K (HTTPOnly/Secure Flags)')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·——·‹›·——·‹›·––·‹›·——·‹›·––\n')
from core.methods.print import pvln
pvln("Cookie check")
print(GR+" [!] Initializing Header Analysis...")
Headers = RetrieveHeader(web)
cookiecheck0x00(Headers)
def icors(web):
print(GR + ' [*] Loading module...')
#print(R+'\n =========================================')
#print(R+'\n iNSECURE CROSS ORIGIN RESCOURCE SHARING')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·——·‹›·––·‹›·——·‹›\n')
from core.methods.print import pvln
pvln("icors")
check0x00(web)
time.sleep(1)
def shellshock(web):
print(GR+'\n [*] Loading module...')
time.sleep(0.5)
#print(R+'\n =====================')
#print(R+'\n S H E L L S H O C K ')
#print(R+' ——·‹›·––·‹›·——·‹›·——·\n')
from core.methods.print import pvln
pvln("shellshock")
shellshock0x00(web)
def netmisc(web):
print(GR + ' [*] Loading module...')
#print(R+'\n ===================================')
#print(R+'\n TELNET ENABLED (Network Misconf.)')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·––·‹›·——·‹›\n')
from core.methods.print import pvln
pvln("network misconf.")
print(GR + ' [*] Loading up port scanner...')
netmisc0x00(web)
time.sleep(0.5)
def zone(web):
global name
name = targetname(web)
global lvl2
lvl2 = inspect.stack()[0][3]
global module
module = "VulnAnalysis"
global lvl1
lvl1 = "Basic Bugs & Misconfigurations"
global lvl3
lvl3 = ""
web = web.replace('http://', '')
web = web.replace('https://', '')
try:
#print(R+'\n ===========================')
#print(R+'\n Z O N E T R A N S F E R')
#print(R+' ---<>----<>----<>----<>----\n')
from core.methods.print import pvln
pvln("zone transfer")
time.sleep(0.4)
print(
O +
' [!] Looking up for name servers on which website is hosted...\n'
+ G)
time.sleep(0.7)
os.system('dig +nocmd ' + web + ' ns +noall +answer')
if properties["DNSV"][1] == " ":
h = input(O +
'\n [*] Enter the DNS Server you want to test for :> ')
else:
h = properties["DNSV"][1]
time.sleep(0.4)
print(GR + ' [*] Attempting zone transfer...')
time.sleep(0.9)
cm = subprocess.Popen(
['host', '-t', 'axfr', web, h, '+answer', '+noall', '+nocmd'],
stdout=subprocess.PIPE).communicate()[0]
if 'failed' in str(cm):
print(R + '\n [-] Zone transfer for ' + O + h + R + ' failed!')
print(R + ' [-] This website is immune to zone transfers!')
data = 'Zone transfer for ' + h + ' failed!\nThis website is immune to zone transfers.'
save_data(database, module, lvl1, lvl2, lvl3, name, data)
else:
print('\n' + G + cm)
save_data(database, module, lvl1, lvl2, lvl3, name, cm)
except Exception as e:
print(R + ' [-] Error encountered!')
print(R + ' [-] Error : ' + str(e))
def rfi(web):
global name
name = targetname(web)
global lvl2
lvl2 = inspect.stack()[0][3]
global module
module = "VulnAnalysis"
global lvl1
lvl1 = "Critical Vulnerabilities"
global lvl3
lvl3 = ""
#print(R+'\n ===========================================')
#print(R+'\n R E M O T E F I L E I N C L U S I O N')
#print(R+' ---<>----<>----<>----<>----<>----<>----<>--\n')
from core.methods.print import pvln
pvln("remote file inclusion")
if properties["PARALLEL"][1] == " ":
pa = input(" [?] Parallel Attack? (enter if not) :> ")
parallel = pa != ""
else:
parallel = properties["PARALLEL"][1] == "1"
print(C + ' Choose from the options:\n')
print(B + ' [1] Custom Targetting')
print(B + ' [2] Automated Scanning\n')
m = input(O + ' [§] TID :> ')
if str(web).endswith('/'):
pass
else:
web = web + '/'
if m == '1':
cust0x00(web, parallel)
elif m == '2':
auto0x00(web, parallel)
else:
print(G + ' [+] U mad?')
time.sleep(0.9)
print('')
rfi(web)
def rce(web):
global name
name = targetname(web)
global lvl2
lvl2 = inspect.stack()[0][3]
global module
module = "VulnAnalysis"
global lvl1
lvl1 = "Critical Vulnerabilities"
global lvl3
lvl3 = ""
#print(R+'\n =========================================')
#print(R+'\n O S C O M M A N D I N J E C T I O N ')
#print(R+' ---<>----<>----<>----<>----<>----<>----<>\n')
from core.methods.print import pvln
pvln("os command Injection")
if properties["PARAM"][1] == " ":
web0 = input(O+' [§] Path Parameter '+R+'(eg. /ping.php?site=foo)'+O+' :> ')
else:
web0 = properties["PARAM"][1]
if "?" in web0 and '=' in web0:
if web0.startswith('/'):
m = input(GR+'\n [!] Your path starts with "/".\n [§] Do you mean root directory? (Y/n) :> ')
if m == 'y' or m == 'Y':
web00 = web + web0
elif m == 'n' or m == 'N':
web00 = web + web0
else:
print(R+' [-] U mad?')
else:
web00 = web + '/' + web0
if properties["PARALLEL"][1] == " ":
pa = input(" [?] Parallel Attack? (enter if not) :> ")
parallel = pa != ""
else:
parallel = properties["PARALLEL"] == "1"
getPayloads(web00, parallel)
else:
print(R+" [-] Please enter the URL with parameters...")
rce(web)
def sessionfix(url):
requests = session()
#print(R+'\n =================================')
#print(R+'\n S E S S I O N F I X A T I O N')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·––·‹›·——·\n')
from core.methods.print import pvln
pvln("session fixation")
print(GR + ' [*] Making the request...')
if properties["COOKIE"][1] == " ":
coo = input(O + ' [#] Got any cookies? [Just Enter if None] :> ')
elif properties["COOKIE"][1].lower() == "none":
coo = ""
else:
coo = properties["COOKIE"][1]
if coo is not "":
req = requests.get(url, cookies=coo, verify=True, timeout=7)
else:
req = requests.get(url, verify=True, timeout=7)
if req.cookies:
print(G + ' [+] Found cookie reflecting in headers...')
print(B + ' [+] Initial cookie state: ' + C, req.cookies, '\n')
user = input(O + ' [#] Enter authentication username :> ' + C)
upass = input(O + ' [#] Enter password :> ' + C)
print(GR + ' [*] Trying POST request with authentication...')
cookie_req = requests.post(url,
cookies=req.cookies,
auth=(user, upass),
timeout=7)
print(B + ' [+] Authenticated cookie state:' + C, cookie_req.cookies)
if req.cookies == cookie_req.cookies:
print(G + ' [+] Site seems to be vulnerable...')
print(G +
' [+] Site is vulnerable to session fixation vulnerability!')
else:
print(O + ' [!] Cookie values do not match...')
print(R + ' [-] Target not vulnerable to session fixation!')
else:
print(R + ' [-] No basic cookie support!')
print(R + ' [-] Target not vulnerable to session fixation!')
print(G + ' [+] Session Fixation Module Completed!\n')
def icors(web):
global name
name = targetname(web)
global lvl2
lvl2 = inspect.stack()[0][3]
global module
module = "VulnAnalysis"
global lvl1
lvl1 = "Basic Bugs & Misconfigurations"
global lvl3
lvl3 = ""
#print(R+'\n =========================================')
#print(R+'\n iNSECURE CROSS ORIGIN RESCOURCE SHARING')
#print(R+' ---<>----<>----<>----<>----<>----<>----<>\n')
from core.methods.print import pvln
pvln("icors")
check0x00(web)
time.sleep(1)
def hsts(web):
print(GR + ' [*] Loading module...')
time.sleep(0.5)
#print(R+'\n ================================')
#print(R+'\n HTTP STRICT TRANSPORT SECURITY')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·——·‹›·––\n')
from core.methods.print import pvln
pvln("hsts")
if 'https' in web:
check0x00(getHeaders0x00(web))
else:
print(R + ' [-] No SSL/TLS detected...')
m = input(O + ' [#] Force SSL/TLS (y/N) :> ')
if m == 'y' or m == 'Y':
print(GR + ' [*] Using revamped SSL...')
o = 'https://' + web.replace('http://', '')
check0x00(getHeaders0x00(web))
elif m == 'n' or m == 'N':
print(GR + ' [-] Skipping module...')
def shellshock(web):
global name
name = targetname(web)
global lvl2
lvl2 = inspect.stack()[0][3]
global module
module = "VulnAnalysis"
global lvl1
lvl1 = "Critical Vulnerabilities"
global lvl3
lvl3 = ""
time.sleep(0.5)
#print(R+'\n =====================')
#print(R+'\n S H E L L S H O C K ')
#print(R+' ---<>----<>----<>----\n')
from core.methods.print import pvln
pvln("shellshock")
shellshock0x00(web)
def mailspoof(web):
global name
name = targetname(web)
global lvl2
lvl2 = inspect.stack()[0][3]
global module
module = "VulnAnalysis"
global lvl1
lvl1 = "Basic Bugs & Misconfigurations"
global lvl3
lvl3 = ""
time.sleep(0.5)
#print(R+'\n =========================')
#print(R+'\n M A I L S P O O F E R ')
#print(R+' ---<>----<>----<>----<>--\n')
from core.methods.print import pvln
pvln("mail spoofer")
spoofable = False
try:
domain = web
print(O + ' [!] Getting txt records...')
spfstr = spfStr0x00(domain)
dmValStr = dmCheck0x00(domain)
if dmValStr is False:
spoofable = True
else:
spoofable = False
if spoofable == True:
print(G + " [+] Spoofing possible for " + O + domain + "!")
save_data(database, module, lvl1, lvl2, lvl3, name,
"Spoofing possible for " + domain)
else:
print(R + " [-] Spoofing not possible for " + O + domain + '...')
save_data(database, module, lvl1, lvl2, lvl3, name,
"Spoofing not possible for " + domain)
except Exception as e:
print(R + " [-] Undefault KeyError encountered!")
print(R + ' [-] Exception : ' + str(e))
def netmisc(web):
global name
name = targetname(web)
global lvl2
lvl2 = inspect.stack()[0][3]
global module
module = "VulnAnalysis"
global lvl1
lvl1 = "Basic Bugs & Misconfigurations"
global lvl3
lvl3 = ""
#print(R+'\n ===================================')
#print(R+'\n TELNET ENABLED (Network Misconf.)')
#print(R+' ---<>----<>----<>----<>----<>----<>\n')
from core.methods.print import pvln
pvln("network misconf.")
print(GR + ' [*] Loading up port scanner...')
netmisc0x00(web)
time.sleep(0.5)
def cookiecheck(web):
global name
name = targetname(web)
global lvl2
lvl2 = inspect.stack()[0][3]
global module
module = "VulnAnalysis"
global lvl1
lvl1 = "Basic Bugs & Misconfigurations"
global lvl3
lvl3 = ""
#print(R+'\n ==================================================')
#print(R+'\n C O O K I E C H E C K (HTTPOnly/Secure Flags)')
#print(R+' ---<>----<>----<>----<>----<>----<>----<>----<>---\n')
from core.methods.print import pvln
pvln("Cookie check")
print(GR + " [!] Initializing Header Analysis...")
Headers = RetrieveHeader(web)
cookiecheck0x00(Headers)
def rfi(web):
#print(R+'\n ===========================================')
#print(R+'\n R E M O T E F I L E I N C L U S I O N')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·––·‹›·——·‹›·——·‹›·–\n')
from core.methods.print import pvln
pvln("remote file inclusion")
if properties["PARALLEL"][1] == " ":
pa = input(" [?] Parallel Attack? (enter if not) :> ")
parallel = pa is not ""
else:
parallel = properties["PARALLEL"][1] == "1"
print(C + ' Choose from the options:\n')
print(B + ' [1] Custom Targetting')
print(B + ' [2] Automated Scanning\n')
m = input(O + ' [§] TID :> ')
if str(web).endswith('/'):
pass
else:
web = web + '/'
if m == '1':
cust0x00(web, parallel)
elif m == '2':
auto0x00(web, parallel)
else:
print(G + ' [+] U mad?')
time.sleep(0.9)
print('')
rfi(web)
def clickjack(web):
#print(R+'\n ========================')
#print(R+'\n C L I C K J A C K I N G')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·—\n')
from core.methods.print import pvln
pvln("clickjacking")
try:
dom = web
print('' + C + ' [*] Configuring the web address...')
time.sleep(0.8)
if "http" not in dom:
dom = "http://" + dom
print('' + GR + ' [*] Checking the Web Address...')
time.sleep(0.4)
req = urllib.request.urlopen(dom)
print('' + B + ' [*] Requesting headers...')
time.sleep(0.7)
headers = req.info()
print('' + G + '\n [*] Checking for Clickjackability...')
time.sleep(0.5)
if not "X-Frame-Options" in headers:
print('' + O + ' [!] The Website is clickjackable!!!')
time.sleep(0.2)
print('' + GR + ' [*] Generating report...')
time.sleep(0.4)
print('' + C +
' [*] POC as below... You can save it as a html file :)')
time.sleep(0.2)
code1 = """
<html>
<head><title>Clickjack test page</title></head>
<body>
<p>Website is vulnerable to clickjacking!</p>
<iframe src="{}" width="1000" height="500"></iframe>
</body>
</html>
""".format(web)
code = """
\033[1;32m<html>
\033[1;32m<head><title>\033[1;33mClickjack test page\033[1;32m</title></head>
\033[1;32m<body>
\033[1;32m<p>\033[1;33mWebsite is vulnerable to clickjacking!\033[1;32m</p>
\033[1;32m<iframe src=\033[1;36m"{}" \033[1;32mwidth="1000" height="500"></iframe>
\033[1;32m</body>
\033[1;32m</html>
""".format(web)
print(code)
time.sleep(0.3)
w = input("" + GR + " [*] Do you want to save this? (y/n) :> ")
if w == "y":
print('' + B + ' [!] Generating POC ...')
time.sleep(1.0)
web0 = web.split('//')[1]
html_file = open(
"tmp/logs/" + web0 + "-logs/" + web0 +
"-clickjack-poc.html", "w+")
html_file.write(code1)
html_file.close()
print('')
print('' + G + ' [+] POC successfully saved under tmp/logs/' +
web0 + "-logs/" + web0 + '-clickjack-poc.html!')
print('')
else:
print('' + B + ' [+] Okay :)')
else:
print('' + R + ' [-] Website not vulnerable to clickjacking...')
except Exception as e:
print('' + R + ' [-] Something went wrong!')
print(G + ' [-] Error : ' + str(e))
